feat(admin): exclude orphaned malware records (pypi#15908)

Author: miketheman

package.json

@@ -5,8 +5,8 @@
   "scripts": {
     "build": "webpack",
     "watch": "webpack --watch",
-    "lint": "eslint 'warehouse/static/js/**' 'tests/frontend/**' --ignore-pattern 'warehouse/static/js/vendor/**'",
-    "lint:fix": "eslint 'warehouse/static/js/**' 'tests/frontend/**' --ignore-pattern 'warehouse/static/js/vendor/**' --fix",
+    "lint": "eslint 'warehouse/static/js/**' 'warehouse/admin/static/js/**' 'tests/frontend/**' --ignore-pattern 'warehouse/static/js/vendor/**'",
+    "lint:fix": "eslint 'warehouse/static/js/**' 'warehouse/admin/static/js/**' 'tests/frontend/**' --ignore-pattern 'warehouse/static/js/vendor/**' --fix",
     "stylelint": "stylelint '**/*.scss' --cache",
     "stylelint:fix": "stylelint '**/*.scss' --cache --fix",
     "test": "jest --coverage"
@@ -71,7 +71,8 @@
     "env": {
       "browser": true,
       "es6": true,
-      "amd": true
+      "amd": true,
+      "jquery": true
     },
     "extends": "eslint:recommended",
     "parser": "@babel/eslint-parser",

tests/unit/admin/views/test_core.py

@@ -30,8 +30,11 @@ def test_dashboard(self, pyramid_request):
         ]
 
     def test_dashboard_with_permission_and_observation(self, db_request):
+        """Test that the dashboard view returns the correct data when the user has the
+        required permission and there are multiple Observations in the database."""
         ProjectObservationFactory.create(kind="is_malware")
         ProjectObservationFactory.create(kind="is_malware", actions={"foo": "bar"})
+        ProjectObservationFactory.create(kind="is_malware", related=None)
         ProjectObservationFactory.create(kind="something_else")
         db_request.user = pretend.stub()
         db_request.has_permission = pretend.call_recorder(lambda perm: True)

tests/unit/admin/views/test_malware_reports.py

@@ -22,6 +22,8 @@ def test_malware_reports_list(self, db_request):
 
     def test_malware_reports_list_with_observations(self, db_request):
         ProjectObservationFactory.create(kind="is_spam")
+        ProjectObservationFactory.create(kind="is_malware", actions={"foo": "bar"})
+        ProjectObservationFactory.create(kind="is_malware", related=None)
         malware = ProjectObservationFactory.create_batch(size=3, kind="is_malware")
 
         assert views.malware_reports_list(db_request) == {"malware_reports": malware}

warehouse/admin/static/js/warehouse.js

@@ -29,6 +29,13 @@ import "admin-lte/plugins/datatables-rowgroup/js/rowGroup.bootstrap4";
 // Import AdminLTE JS
 import "admin-lte/build/js/AdminLTE";
 
+// Get our timeago function
+import timeAgo from "warehouse/utils/timeago";
+
+// Human-readable timestamps
+$(document).ready(function() {
+  timeAgo();
+});
 
 document.querySelectorAll("a[data-form-submit]").forEach(function (element) {
   element.addEventListener("click", function(event) {
@@ -116,7 +123,7 @@ document.querySelectorAll(".copy-text").forEach(function (element) {
 // Guard each one to not break execution if the table isn't present
 
 // User Account Activity
-let accountActivityTable = $("#account-activity")
+let accountActivityTable = $("#account-activity");
 if (accountActivityTable.length) {
   let table = accountActivityTable.DataTable({
     responsive: true,
@@ -132,7 +139,7 @@ if (accountActivityTable.length) {
 }
 
 // User API Tokens
-let tokenTable = $("#api-tokens")
+let tokenTable = $("#api-tokens");
 if (tokenTable.length) {
   let table = tokenTable.DataTable({
     responsive: true,
@@ -145,7 +152,7 @@ if (tokenTable.length) {
 }
 
 // Observations
-let observationsTable = $("#observations")
+let observationsTable = $("#observations");
 if (observationsTable.length) {
   let table = observationsTable.DataTable({
     responsive: true,
@@ -158,7 +165,7 @@ if (observationsTable.length) {
 }
 
 // Malware Reports
-let malwareReportsTable = $("#malware-reports")
+let malwareReportsTable = $("#malware-reports");
 if (malwareReportsTable.length) {
   let table = malwareReportsTable.DataTable({
     displayLength: 25,
@@ -169,7 +176,7 @@ if (malwareReportsTable.length) {
       dataSrc: 0,
       // display row count in group header
       startRender: function (rows, group) {
-        return group + ' (' + rows.count() + ')';
+        return group + " (" + rows.count() + ")";
       },
     },
   });

warehouse/admin/views/core.py

@@ -29,6 +29,7 @@ def dashboard(request):
         malware_reports_count = (
             request.db.query(func.count(Observation.id)).filter(
                 Observation.kind == ObservationKind.IsMalware.value[0],
+                Observation.related_id.is_not(None),  # Project is not removed
                 Observation.actions == {},  # No actions have been taken
             )
         ).scalar()

warehouse/admin/views/malware_reports.py

@@ -36,8 +36,11 @@ def malware_reports_list(request):
     """
     malware_observations = (
         request.db.query(Observation)
-        .filter(Observation.kind == "is_malware")
-        # TODO: filter by handled or not, once we have a way to handle them
+        .filter(
+            Observation.kind == "is_malware",
+            Observation.related_id.isnot(None),
+            Observation.actions == {},
+        )
         .order_by(Observation.created)
         .all()
     )

warehouse/admin/views/projects.py

@@ -218,8 +218,7 @@ def add_project_observation(project, request):
             )
         )
 
-    # We allow an empty payload from Admin.
-    payload = {}
+    payload = {"origin": "admin"}
 
     project.record_observation(
         request=request,
@@ -356,8 +355,7 @@ def add_release_observation(release, request):
             )
         )
 
-    # We allow an empty payload from Admin.
-    payload = {}
+    payload = {"origin": "admin"}
 
     release.record_observation(
         request=request,